class Cluster (construct)
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.Eks.V2.Alpha.Cluster |
| Go | github.com/aws/aws-cdk-go/awscdkeksv2alpha/v2#Cluster |
| Java | software.amazon.awscdk.services.eks.v2.alpha.Cluster |
| Python | aws_cdk.aws_eks_v2_alpha.Cluster |
| TypeScript (source) | @aws-cdk/aws-eks-v2-alpha » Cluster |
Implements
IConstruct, IDependable, IResource, IEnvironment, ICluster, IConnectable
A Cluster represents a managed Kubernetes Service (EKS).
This is a fully managed cluster of API servers (control plane). The user is still required to create the worker nodes.
Example
```ts
const cluster = new eks.Cluster(this, 'ManagedNodeCluster', {
  version: eks.KubernetesVersion.V1_34,
  defaultCapacityType: eks.DefaultCapacityType.NODEGROUP,
});

// Add a Fargate Profile for specific workloads (e.g., default namespace)
cluster.addFargateProfile('FargateProfile', {
  selectors: [
    { namespace: 'default' }, // Run pods in 'default' on Fargate
  ],
});
```
Initializer
new Cluster(scope: Construct, id: string, props: ClusterProps)
Parameters
- scope (Construct): a Construct, most likely a cdk.Stack created.
- id (string): the id of the Construct to create.
- props (ClusterProps): properties in the IClusterProps interface.
Initiates an EKS Cluster with the supplied arguments.
Construct Props
| Name | Type | Description |
|---|---|---|
| version | KubernetesVersion | The Kubernetes version to run in the cluster. |
| albController? | Alb | Install the AWS Load Balancer Controller onto the cluster. |
| bootstrapClusterCreatorAdminPermissions? | boolean | Whether or not IAM principal of the cluster creator was set as a cluster admin access entry during cluster creation time. |
| clusterLogging? | Cluster[] | The cluster log types which you want to enable. |
| clusterName? | string | Name for the cluster. |
| compute? | Compute | Configuration for compute settings in Auto Mode. |
| coreDnsComputeType? | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. |
| defaultCapacity? | number | Number of instances to allocate as an initial capacity for this cluster. |
| defaultCapacityInstance? | Instance | The instance type to use for the default capacity. |
| defaultCapacityType? | DefaultCapacityType | The default capacity type for the cluster. |
| endpointAccess? | EndpointAccess | Configure access to the Kubernetes API server endpoint. |
| ipFamily? | IpFamily | Specify which IP family is used to assign Kubernetes pod and service IP addresses. |
| kubectlProviderOptions? | Kubectl | Options for creating the kubectl provider - a lambda function that executes kubectl and helm against the cluster. |
| mastersRole? | IRole | An IAM role that will be added to the system:masters Kubernetes RBAC group. |
| outputConfigCommand? | boolean | Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized. |
| prune? | boolean | Indicates whether Kubernetes resources added through addManifest() can be automatically pruned. |
| role? | IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. |
| secretsEncryptionKey? | IKey | KMS secret for envelope encryption for Kubernetes secrets. |
| securityGroup? | ISecurity | Security Group to use for Control Plane ENIs. |
| serviceIpv4Cidr? | string | The CIDR block to assign Kubernetes service IP addresses from. |
| tags? | { [string]: string } | The tags assigned to the EKS cluster. |
| vpc? | IVpc | The VPC in which to create the Cluster. |
| vpcSubnets? | Subnet[] | Where to place EKS Control Plane ENIs. |
version
Type:
KubernetesVersion
The Kubernetes version to run in the cluster.
albController?
Type:
Alb
(optional, default: The controller is not installed.)
Install the AWS Load Balancer Controller onto the cluster.
See also: https://kubernetes-sigs.github.io/aws-load-balancer-controller
bootstrapClusterCreatorAdminPermissions?
Type:
boolean
(optional, default: true)
Whether or not IAM principal of the cluster creator was set as a cluster admin access entry during cluster creation time.
Changing this value after the cluster has been created will result in the cluster being replaced.
clusterLogging?
Type:
Cluster[]
(optional, default: none)
The cluster log types which you want to enable.
clusterName?
Type:
string
(optional, default: Automatically generated name)
Name for the cluster.
compute?
Type:
Compute
(optional, default: Auto Mode compute disabled)
Configuration for compute settings in Auto Mode.
When enabled, EKS will automatically manage compute resources.
coreDnsComputeType?
Type:
CoreDnsComputeType
(optional, default: CoreDnsComputeType.EC2 (for FargateCluster the default is FARGATE))
Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS.
defaultCapacity?
Type:
number
(optional, default: 2)
Number of instances to allocate as an initial capacity for this cluster.
Instance type can be configured through defaultCapacityInstanceType,
which defaults to m5.large.
Use cluster.addAutoScalingGroupCapacity to add additional customized capacity. Set this
to 0 if you wish to avoid the initial capacity allocation.
defaultCapacityInstance?
Type:
Instance
(optional, default: m5.large)
The instance type to use for the default capacity.
This will only be taken
into account if defaultCapacity is > 0.
defaultCapacityType?
Type:
DefaultCapacityType
(optional, default: AUTOMODE)
The default capacity type for the cluster.
endpointAccess?
Type:
EndpointAccess
(optional, default: EndpointAccess.PUBLIC_AND_PRIVATE)
Configure access to the Kubernetes API server endpoint.
See also: https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html
ipFamily?
Type:
IpFamily
(optional, default: IpFamily.IP_V4)
Specify which IP family is used to assign Kubernetes pod and service IP addresses.
kubectlProviderOptions?
Type:
Kubectl
(optional)
Options for creating the kubectl provider - a lambda function that executes kubectl and helm against the cluster.
If defined, kubectlLayer is a required property.
If not defined, kubectl provider will not be created by default.
mastersRole?
Type:
IRole
(optional, default: no masters role.)
An IAM role that will be added to the system:masters Kubernetes RBAC group.
See also: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings
outputConfigCommand?
Type:
boolean
(optional, default: true)
Determines whether a CloudFormation output with the aws eks update-kubeconfig command will be synthesized.
This command will include the cluster name and, if applicable, the ARN of the masters IAM role.
prune?
Type:
boolean
(optional, default: true)
Indicates whether Kubernetes resources added through addManifest() can be automatically pruned.
When this is enabled (default), prune labels will be
allocated and injected to each resource. These labels will then be used
when issuing the kubectl apply operation with the --prune switch.
role?
Type:
IRole
(optional, default: A role is automatically created for you)
Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
secretsEncryptionKey?
Type:
IKey
(optional, default: By default, Kubernetes stores all secret object data within etcd and
all etcd volumes used by Amazon EKS are encrypted at the disk-level
using AWS-Managed encryption keys.)
KMS secret for envelope encryption for Kubernetes secrets.
securityGroup?
Type:
ISecurity
(optional, default: A security group is automatically created)
Security Group to use for Control Plane ENIs.
serviceIpv4Cidr?
Type:
string
(optional, default: Kubernetes assigns addresses from either the
10.100.0.0/16 or 172.20.0.0/16 CIDR blocks)
The CIDR block to assign Kubernetes service IP addresses from.
tags?
Type:
{ [string]: string }
(optional, default: none)
The tags assigned to the EKS cluster.
vpc?
Type:
IVpc
(optional, default: a VPC with default configuration will be created and can be accessed through cluster.vpc.)
The VPC in which to create the Cluster.
vpcSubnets?
Type:
Subnet[]
(optional, default: All public and private subnets)
Where to place EKS Control Plane ENIs.
For example, to only select private subnets, supply the following:
```ts
vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }]
```
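Several of the construct props above have defaults that matter for a security review (endpointAccess, clusterLogging, secretsEncryptionKey, bootstrapClusterCreatorAdminPermissions, mastersRole, vpcSubnets). The following is an added example, not part of the CDK documentation or the aws-eks-v2-alpha API: it resolves omitted props to the defaults stated on this page and reports which ones leave the cluster in a permissive state. `ClusterSecurityProps`, `auditClusterProps`, the `...Arn` and `vpcSubnetTypes` fields and all string values are hypothetical stand-ins for the real CDK objects and enums.

```typescript
// Added example: plain-object mirror of the security-relevant props documented
// above. All names and string values here are hypothetical stand-ins, not types
// exported by @aws-cdk/aws-eks-v2-alpha.
type EndpointMode = 'PUBLIC' | 'PRIVATE' | 'PUBLIC_AND_PRIVATE';

interface ClusterSecurityProps {
  endpointAccess?: EndpointMode;
  clusterLogging?: string[];
  secretsEncryptionKeyArn?: string;
  bootstrapClusterCreatorAdminPermissions?: boolean;
  mastersRoleArn?: string;
  vpcSubnetTypes?: string[];
}

interface Finding { prop: string; effective: string; risk: string; }

function auditClusterProps(p: ClusterSecurityProps): Finding[] {
  const out: Finding[] = [];
  // Resolve each omitted prop to the default stated on this page.
  const endpoint = p.endpointAccess ?? 'PUBLIC_AND_PRIVATE';
  const logging = p.clusterLogging ?? [];
  const bootstrap = p.bootstrapClusterCreatorAdminPermissions ?? true;
  // Omitted vpcSubnets means all public and private subnets are eligible.
  const subnets = p.vpcSubnetTypes ?? ['PUBLIC', 'PRIVATE_WITH_EGRESS'];

  if (endpoint !== 'PRIVATE') {
    out.push({ prop: 'endpointAccess', effective: endpoint,
      risk: 'Kubernetes API server endpoint is reachable from outside the VPC' });
  }
  if (logging.indexOf('audit') === -1) {
    out.push({ prop: 'clusterLogging', effective: logging.join(',') || 'none',
      risk: 'no control-plane audit log is available to investigate API activity' });
  }
  if (!p.secretsEncryptionKeyArn) {
    out.push({ prop: 'secretsEncryptionKey', effective: 'unset',
      risk: 'secrets rely only on disk-level etcd encryption with AWS-managed keys' });
  }
  if (bootstrap) {
    out.push({ prop: 'bootstrapClusterCreatorAdminPermissions', effective: 'true',
      risk: 'the cluster creator IAM principal is set as a cluster admin access entry' });
  }
  if (p.mastersRoleArn) {
    out.push({ prop: 'mastersRole', effective: p.mastersRoleArn,
      risk: 'role is added to system:masters, which has unrestricted cluster access' });
  }
  if (subnets.indexOf('PUBLIC') !== -1) {
    out.push({ prop: 'vpcSubnets', effective: subnets.join(','),
      risk: 'control plane ENIs may be placed in public subnets' });
  }
  return out;
}

// Constructed inputs: every prop omitted vs. an explicitly tightened configuration.
const allDefaults: ClusterSecurityProps = {};
const tightened: ClusterSecurityProps = {
  endpointAccess: 'PRIVATE',
  clusterLogging: ['api', 'audit', 'authenticator'],
  secretsEncryptionKeyArn: 'arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-PLACEHOLDER',
  bootstrapClusterCreatorAdminPermissions: false,
  vpcSubnetTypes: ['PRIVATE_WITH_EGRESS'],
};
const defaultFindings = auditClusterProps(allDefaults).map(f => f.prop);
const tightenedFindings = auditClusterProps(tightened);
```

With every prop omitted the check reports five findings; the tightened configuration reports none.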
Properties
| Name | Type | Description |
|---|---|---|
| clusterArn | string | The AWS generated ARN for the Cluster resource. |
| clusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. |
| clusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). |
| clusterEndpoint | string | The endpoint URL for the Cluster. |
| clusterName | string | The Name of the created EKS Cluster. |
| clusterOpenIdConnectIssuerUrl | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. |
| clusterSecurityGroup | ISecurity | The cluster security group that was created by Amazon EKS for the cluster. |
| clusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. |
| connections | Connections | Manages connection rules (Security Group Rules) for the cluster. |
| env | Resource | The environment this resource belongs to. |
| node | Node | The tree node. |
| openIdConnectProvider | IOpen | An OpenIdConnectProvider resource associated with this cluster, and which can be used to link this cluster to AWS IAM. |
| prune | boolean | Determines if Kubernetes resources can be pruned automatically. |
| role | IRole | IAM role assumed by the EKS Control Plane. |
| stack | Stack | The stack in which this resource is defined. |
| vpc | IVpc | The VPC in which this Cluster was created. |
| albController? | Alb | The ALB Controller construct defined for this cluster. |
| defaultCapacity? | AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. |
| defaultNodegroup? | Nodegroup | The node group that hosts the default capacity for this cluster. |
| eksPodIdentityAgent? | IAddon | Retrieves the EKS Pod Identity Agent addon for the EKS cluster. |
| ipFamily? | IpFamily | Specify which IP family is used to assign Kubernetes pod and service IP addresses. |
| kubectlProvider? | IKubectl | |
| static PROPERTY_INJECTION_ID | string | Uniquely identifies this class. |
clusterArn
Type:
string
The AWS generated ARN for the Cluster resource.
For example, arn:aws:eks:us-west-2:666666666666:cluster/prod
clusterCertificateAuthorityData
Type:
string
The certificate-authority-data for your cluster.
clusterEncryptionConfigKeyArn
Type:
string
Amazon Resource Name (ARN) or alias of the customer master key (CMK).
clusterEndpoint
Type:
string
The endpoint URL for the Cluster.
This is the URL inside the kubeconfig file to use with kubectl.
For example, https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com
clusterName
Type:
string
The Name of the created EKS Cluster.
clusterOpenIdConnectIssuerUrl
Type:
string
If this cluster is kubectl-enabled, returns the OpenID Connect issuer url.
If this cluster is not kubectl-enabled (i.e. uses the
stock CfnCluster), this is undefined.
clusterSecurityGroup
Type:
ISecurity
The cluster security group that was created by Amazon EKS for the cluster.
clusterSecurityGroupId
Type:
string
The id of the cluster security group that was created by Amazon EKS for the cluster.
connections
Type:
Connections
Manages connection rules (Security Group Rules) for the cluster.
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
node
Type:
Node
The tree node.
openIdConnectProvider
Type:
IOpen
An OpenIdConnectProvider resource associated with this cluster, and which can be used to link this cluster to AWS IAM.
A provider will only be defined if this property is accessed (lazy initialization).
prune
Type:
boolean
Determines if Kubernetes resources can be pruned automatically.
role
Type:
IRole
IAM role assumed by the EKS Control Plane.
stack
Type:
Stack
The stack in which this resource is defined.
vpc
Type:
IVpc
The VPC in which this Cluster was created.
albController?
Type:
Alb
(optional)
The ALB Controller construct defined for this cluster.
Will be undefined if albController wasn't configured.
defaultCapacity?
Type:
AutoScalingGroup
(optional)
The auto scaling group that hosts the default capacity for this cluster.
This will be undefined if the defaultCapacityType is not EC2 or
defaultCapacityType is EC2 but default capacity is set to 0.
defaultNodegroup?
Type:
Nodegroup
(optional)
The node group that hosts the default capacity for this cluster.
This will be undefined if the defaultCapacityType is EC2 or
defaultCapacityType is NODEGROUP but default capacity is set to 0.
eksPodIdentityAgent?
Type:
IAddon
(optional)
Retrieves the EKS Pod Identity Agent addon for the EKS cluster.
The EKS Pod Identity Agent is responsible for managing the temporary credentials used by pods in the cluster to access AWS resources. It runs as a DaemonSet on each node and provides the necessary credentials to the pods based on their associated service account.
ipFamily?
Type:
IpFamily
(optional, default: IpFamily.IP_V4)
Specify which IP family is used to assign Kubernetes pod and service IP addresses.
kubectlProvider?
Type:
IKubectl
(optional)
static PROPERTY_INJECTION_ID
Type:
string
Uniquely identifies this class.
Methods
| Name | Description |
|---|---|
| addAutoScalingGroupCapacity(id, options) | Add nodes to this EKS cluster. |
| addCdk8sChart(id, chart, options?) | Defines a CDK8s chart in this cluster. |
| addFargateProfile(id, options) | Adds a Fargate profile to this cluster. |
| addHelmChart(id, options) | Defines a Helm chart in this cluster. |
| addManifest(id, ...manifest) | Defines a Kubernetes resource in this cluster. |
| addNodegroupCapacity(id, options?) | Add managed nodegroup to this Amazon EKS cluster. |
| addServiceAccount(id, options?) | Creates a new service account with corresponding IAM Role (IRSA). |
| applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
| connectAutoScalingGroupCapacity(autoScalingGroup, options) | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. |
| getIngressLoadBalancerAddress(ingressName, options?) | Fetch the load balancer address of an ingress backed by a load balancer. |
| getServiceLoadBalancerAddress(serviceName, options?) | Fetch the load balancer address of a service of type 'LoadBalancer'. |
| grantAccess(id, principal, accessPolicies) | Grants the specified IAM principal access to the EKS cluster based on the provided access policies. |
| grantClusterAdmin(id, principal) | Grants the specified IAM principal cluster admin access to the EKS cluster. |
| toString() | Returns a string representation of this construct. |
| static fromClusterAttributes(scope, id, attrs) | Import an existing cluster. |
addAutoScalingGroupCapacity(id, options)
public addAutoScalingGroupCapacity(id: string, options: AutoScalingGroupCapacityOptions): AutoScalingGroup
Parameters
- id (string)
- options (AutoScalingGroupCapacityOptions)
Returns
AutoScalingGroup
Add nodes to this EKS cluster.
The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version.
Note that if you specify updateType: RollingUpdate or updateType: ReplacingUpdate, your nodes might be replaced at deploy
time without notice in case the recommended AMI for your machine image type has been updated by AWS.
The default behavior for updateType is None, which means only new instances will be launched using the new AMI.
addCdk8sChart(id, chart, options?)
public addCdk8sChart(id: string, chart: Construct, options?: KubernetesManifestOptions): KubernetesManifest
Parameters
- id (string): logical id of this chart.
- chart (Construct): the cdk8s chart.
- options (KubernetesManifestOptions)
Returns
KubernetesManifest
Defines a CDK8s chart in this cluster.
addFargateProfile(id, options)
public addFargateProfile(id: string, options: FargateProfileOptions): FargateProfile
Parameters
- id (string): the id of this profile.
- options (FargateProfileOptions): profile options.
Returns
FargateProfile
Adds a Fargate profile to this cluster.
See also: https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html
addHelmChart(id, options)
public addHelmChart(id: string, options: HelmChartOptions): HelmChart
Parameters
- id (string): logical id of this chart.
- options (HelmChartOptions): options of this chart.
Returns
HelmChart
Defines a Helm chart in this cluster.
addManifest(id, ...manifest)
public addManifest(id: string, ...manifest: { [string]: any }[]): KubernetesManifest
Parameters
- id (string): logical id of this manifest.
- manifest ({ [string]: any }): a list of Kubernetes resource specifications.
Returns
KubernetesManifest
Defines a Kubernetes resource in this cluster.
The manifest will be applied/deleted using kubectl as needed.
addNodegroupCapacity(id, options?)
public addNodegroupCapacity(id: string, options?: NodegroupOptions): Nodegroup
Parameters
- id (string): The ID of the nodegroup.
- options (NodegroupOptions): options for creating a new nodegroup.
Returns
Nodegroup
Add managed nodegroup to this Amazon EKS cluster.
This method will create a new managed nodegroup and add into the capacity.
See also: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html
addServiceAccount(id, options?)
public addServiceAccount(id: string, options?: ServiceAccountOptions): ServiceAccount
Parameters
- id (string)
- options (ServiceAccountOptions)
Returns
ServiceAccount
Creates a new service account with corresponding IAM Role (IRSA).
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy (RemovalPolicy)
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
connectAutoScalingGroupCapacity(autoScalingGroup, options)
public connectAutoScalingGroupCapacity(autoScalingGroup: AutoScalingGroup, options: AutoScalingGroupOptions): void
Parameters
- autoScalingGroup (AutoScalingGroup): [disable-awslint:ref-via-interface].
- options (AutoScalingGroupOptions): options for adding auto scaling groups, like customizing the bootstrap script.
Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster.
The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration.
Prefer to use addAutoScalingGroupCapacity if possible.
See also: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
getIngressLoadBalancerAddress(ingressName, options?)
public getIngressLoadBalancerAddress(ingressName: string, options?: IngressLoadBalancerAddressOptions): string
Parameters
- ingressName (string): The name of the ingress.
- options (IngressLoadBalancerAddressOptions): Additional operation options.
Returns
string
Fetch the load balancer address of an ingress backed by a load balancer.
getServiceLoadBalancerAddress(serviceName, options?)
public getServiceLoadBalancerAddress(serviceName: string, options?: ServiceLoadBalancerAddressOptions): string
Parameters
- serviceName (string): The name of the service.
- options (ServiceLoadBalancerAddressOptions): Additional operation options.
Returns
string
Fetch the load balancer address of a service of type 'LoadBalancer'.
grantAccess(id, principal, accessPolicies)
public grantAccess(id: string, principal: string, accessPolicies: IAccessPolicy[]): void
Parameters
- id (string): The ID of the AccessEntry construct to be created.
- principal (string): The IAM principal (role or user) to be granted access to the EKS cluster.
- accessPolicies (IAccessPolicy[]): An array of IAccessPolicy objects that define the access permissions to be granted to the IAM principal.
Grants the specified IAM principal access to the EKS cluster based on the provided access policies.
This method creates an AccessEntry construct that grants the specified IAM principal the access permissions
defined by the provided IAccessPolicy array. This allows the IAM principal to perform the actions permitted
by the access policies within the EKS cluster.
grantClusterAdmin(id, principal)
public grantClusterAdmin(id: string, principal: string): AccessEntry
Parameters
- id (string): The ID of the AccessEntry construct to be created.
- principal (string): The IAM principal (role or user) to be granted access to the EKS cluster.
Returns
AccessEntry
Grants the specified IAM principal cluster admin access to the EKS cluster.
This method creates an AccessEntry construct that grants the specified IAM principal the cluster admin
access permissions. This allows the IAM principal to perform the actions permitted
by the cluster admin access.
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromClusterAttributes(scope, id, attrs)
public static fromClusterAttributes(scope: Construct, id: string, attrs: ClusterAttributes): ICluster
Parameters
- scope (Construct): the construct scope, in most cases 'this'.
- id (string): the id or name to import as.
- attrs (ClusterAttributes): the cluster properties to use for importing information.
Returns
ICluster
Import an existing cluster.
